help removing redirect malware


  • This topic is locked
14 replies to this topic

#1 iselltrees

iselltrees

  • Members
  • 21 posts

Posted 19 March 2011 - 05:02 PM

Hello,
I am having problems removing a redirect malware on my computer. Based on a prompt from Budapest, find what's required below.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by USER at 14:51:37.17 on Sat 03/19/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1552 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS1\system32\Ati2evxx.exe
C:\WINDOWS1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS1\system32\dlbxcoms.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS1\system32\svchost.exe -k imgsvc
C:\WINDOWS1\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS1\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\My Documents\Downloads\Defogger(2).exe
C:\Documents and Settings\USER\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\user\application data\gog.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
mRun: [DLBXCATS] rundll32 c:\windows1\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows1\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\c7994v2f.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows1\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows1\system32\drivers\ctxusbm.sys [2009-9-8 65584]
.
=============== Created Last 30 ================
.
2011-03-18 04:42:24 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-18 04:42:23 472808 ----a-w- c:\windows1\system32\deployJava1.dll
2011-03-10 06:41:06 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Temp
2011-03-03 06:31:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-27 06:41:24 -------- d-sha-r- C:\cmdcons
2011-02-27 06:33:55 98816 ----a-w- c:\windows1\sed.exe
2011-02-27 06:33:55 89088 ----a-w- c:\windows1\MBR.exe
2011-02-27 06:33:55 256512 ----a-w- c:\windows1\PEV.exe
2011-02-27 06:33:55 161792 ----a-w- c:\windows1\SWREG.exe
2011-02-27 05:23:08 12872 ----a-w- c:\windows1\system32\bootdelete.exe
2011-02-27 05:12:15 16968 ----a-w- c:\windows1\system32\drivers\hitmanpro35.sys
2011-02-27 05:11:51 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Hitman Pro
2011-02-22 05:12:00 -------- d-----w- c:\docume~1\user\applic~1\AVG9
.
==================== Find3M ====================
.
2011-02-15 14:35:26 1716297 ----a-w- c:\windows1\system32\InetClnt.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows1\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JD-75HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B1BEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x888c4872; SUB DWORD [EBP-0x4], 0x888c412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89BD0AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x89BC9568]
[0x89BA0CC8] -> IRP_MJ_CREATE -> 0x89B1BEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD2500JD-75HBB0_____________________08.02D08#5&139d26ec&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B1BAEA
user & kernel MBR OK
copy of MBR has been found in sector 9 !
sectors 488281248 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:53:34.98 ===============

thanks for the help, really appreciated



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 19 March 2011 - 11:47 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 iselltrees

iselltrees
  • Topic Starter

  • Members
  • 21 posts

Posted 20 March 2011 - 12:30 AM

Hello,
thanks for the help. I understand that the service is free, but I will be sure to donate at the end of it all.

While initiating combofix a prompt came up saying "PEV.cfxxe has encountered a problem and needs to close". I elected not to "send a report" however the fact this program had to close had no effect on combofix running.
Here's the log

ComboFix 11-03-19.01 - USER 03/19/2011 22:12:58.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1721 [GMT -7:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows1\system32\drivers\dmload.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-18 04:42 . 2011-02-03 04:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-18 04:42 . 2011-02-03 04:40 472808 ----a-w- c:\windows1\system32\deployJava1.dll
2011-03-18 04:41 . 2011-03-18 04:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\McAfee
2011-03-10 06:41 . 2011-03-19 00:46 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Temp
2011-03-03 06:31 . 2011-03-03 06:31 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-28 05:23 . 2011-02-28 05:23 -------- d-sh--w- c:\documents and settings\Administrator.OWNER-2G\PrivacIE
2011-02-27 05:23 . 2011-02-27 05:23 12872 ----a-w- c:\windows1\system32\bootdelete.exe
2011-02-27 05:12 . 2011-02-28 05:17 16968 ----a-w- c:\windows1\system32\drivers\hitmanpro35.sys
2011-02-27 05:11 . 2011-03-03 06:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\Hitman Pro
2011-02-22 06:00 . 2011-02-22 06:00 -------- d-----w- c:\documents and settings\Administrator.OWNER-2G\Local Settings\Application Data\Mozilla
2011-02-22 05:44 . 2011-02-22 05:44 -------- d-----w- c:\documents and settings\Administrator.OWNER-2G\Application Data\Malwarebytes
2011-02-22 05:43 . 2011-02-22 05:43 -------- d-sh--w- c:\documents and settings\Administrator.OWNER-2G\IETldCache
2011-02-22 05:12 . 2011-02-22 05:12 -------- d-----w- c:\documents and settings\USER\Application Data\AVG9
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 14:35 . 2011-02-15 14:35 1716297 ----a-w- c:\windows1\system32\InetClnt.dll
2011-02-15 14:35 . 2011-02-15 14:35 12 ----a-w- c:\windows1\Fonts\wfonts.key
2011-02-03 02:19 . 2009-01-27 06:05 73728 ----a-w- c:\windows1\system32\javacpl.cpl
2010-12-21 02:09 . 2010-06-03 23:13 38224 ----a-w- c:\windows1\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-06-03 23:13 20952 ----a-w- c:\windows1\system32\drivers\mbam.sys
2009-09-13 06:05 . 2009-09-13 06:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 06:06 . 2009-09-13 06:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 06:06 . 2009-09-13 06:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 06:06 . 2009-09-13 06:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 06:06 . 2009-09-13 06:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 06:07 . 2009-09-13 06:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 06:06 . 2009-09-13 06:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 06:06 . 2009-09-13 06:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 20:33 . 2009-08-14 20:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 06:06 . 2009-09-13 06:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-02-27_07.06.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-20 05:11 . 2011-03-20 05:11 16384 c:\windows1\Temp\Perflib_Perfdata_554.dat
+ 2008-04-14 12:00 . 2011-03-13 17:14 67312 c:\windows1\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-11-09 02:19 67312 c:\windows1\system32\perfc009.dat
+ 2011-03-01 01:43 . 2011-03-01 01:43 60416 c:\windows1\Installer\291fb.msp
- 2008-04-14 12:00 . 2010-11-09 02:19 432356 c:\windows1\system32\perfh009.dat
+ 2008-04-14 12:00 . 2011-03-13 17:14 432356 c:\windows1\system32\perfh009.dat
+ 2011-03-18 04:42 . 2011-02-03 04:40 157472 c:\windows1\system32\javaws.exe
+ 2011-03-18 04:42 . 2011-02-03 04:40 145184 c:\windows1\system32\javaw.exe
- 2009-11-14 03:58 . 2009-10-11 12:17 145184 c:\windows1\system32\javaw.exe
+ 2011-03-18 04:42 . 2011-02-03 04:40 145184 c:\windows1\system32\java.exe
- 2009-11-14 03:58 . 2009-10-11 12:17 145184 c:\windows1\system32\java.exe
+ 2011-02-25 01:58 . 2011-02-25 01:58 402432 c:\windows1\Installer\6af16d.msp
+ 2011-03-18 04:42 . 2011-03-18 04:42 180224 c:\windows1\Installer\5cc9d.msi
+ 2011-03-03 06:25 . 2011-03-03 06:31 6414228 c:\windows1\system32\Restore\rstrlog.dat
+ 2011-02-22 02:50 . 2011-02-22 02:50 3738624 c:\windows1\Installer\6af0c6.msp
+ 2011-02-22 02:48 . 2011-02-22 02:48 3634688 c:\windows1\Installer\6af068.msp
+ 2011-03-01 01:42 . 2011-03-01 01:42 2821120 c:\windows1\Installer\291f0.msp
+ 2011-03-01 01:40 . 2011-03-01 01:40 3221504 c:\windows1\Installer\291a1.msp
- 2011-02-22 05:01 . 2011-02-22 05:01 1980736 c:\windows1\Installer\{A525E00B-6609-442E-9DCD-64453C233E8D}\TurboTax.exe
+ 2011-03-03 06:36 . 2011-03-03 06:36 1980736 c:\windows1\Installer\{A525E00B-6609-442E-9DCD-64453C233E8D}\TurboTax.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-03-10 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"DLBXCATS"="c:\windows1\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
.
c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows1\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-9-7 25214]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows1\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 20:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows1\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS1\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS1\\system32\\sessmgr.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows1\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
S4 sptd;sptd;c:\windows1\system32\Drivers\sptd.sys --> c:\windows1\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-19 c:\windows1\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-1417001333-1003Core.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-10 06:41]
.
2011-03-20 c:\windows1\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-1417001333-1003UA.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-10 06:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\c7994v2f.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 22:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows1\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,2e,d5,21,85,da,06,4b,ad,03,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,2e,d5,21,85,da,06,4b,ad,03,05,\
.
Completion time: 2011-03-19 22:26:18
ComboFix-quarantined-files.txt 2011-03-20 05:26
ComboFix2.txt 2011-02-28 06:19
ComboFix3.txt 2011-02-27 17:16
ComboFix4.txt 2011-02-27 07:10
.
Pre-Run: 81,785,982,976 bytes free
Post-Run: 81,797,156,864 bytes free
.
- - End Of File - - 6C00F74CA539FF92A846A8F2E0A1E8EA

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 20 March 2011 - 09:57 AM

iselltrees:

How is your computer running now? Please do this next:

You have this program installed, Malwarebytes Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
Please include the following in your next post:
  • How is the computer running?
  • MBAM log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 iselltrees

Posted 20 March 2011 - 02:14 PM

all three browsers (chrome, ie, firefox) seem not to be redirecting me, though I'm going to leave them all open to various webpages for now to see what happens.

#6 RPMcMurphy

Posted 20 March 2011 - 02:16 PM

Good, please continue on with my other instructions though.


#7 iselltrees

Posted 20 March 2011 - 02:17 PM

sorry, didn't mean for that previous post to actually be "posted" at that point, I hadn't run MBAM or ESET. So, after running, it still seems to be okay. The MBAM found nothing, but ESET found 3 items.

Here's the MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6093

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/20/2011 8:52:00 AM
mbam-log-2011-03-20 (08-52-00).txt

Scan type: Quick scan
Objects scanned: 216974
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AND HERE'S THE ESET LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6093

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/20/2011 8:52:00 AM
mbam-log-2011-03-20 (08-52-00).txt

Scan type: Quick scan
Objects scanned: 216974
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 RPMcMurphy

Posted 20 March 2011 - 02:20 PM

You posted the MBAM log twice and no ESET log. Can you try the ESET log again for me?


#9 iselltrees

Posted 20 March 2011 - 03:08 PM

sure, sorry, there was no "details" tab at the completion of the eset scan, however, I did find the "C:" file, here it is

C:\Qoobox\Quarantine\C\WINDOWS1\system32\Drivers\dmload.sys.vir Win32/Olmarik.ZC trojan
C:\System Volume Information\_restore{324FF7CD-1FE5-4E0D-8406-97025AECE121}\RP546\A0199747.exe Win32/Adware.XPAntiSpyware.AB application
C:\System Volume Information\_restore{324FF7CD-1FE5-4E0D-8406-97025AECE121}\RP548\A0200831.sys Win32/Olmarik.ZC trojan

#10 RPMcMurphy

Posted 20 March 2011 - 03:28 PM

iselltrees:

No worries there - those are all either in the ComboFix quarantine or your system restore cache. They will be cleaned out when we uninstall ComboFix. All I have left for you to take care of is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Install an anti-virus program. I don't see any anti-virus software running on your computer. Choose one (but no more) reputable AV program. If you need help choosing one, this site has good information. Avast, Avira and Microsoft all offer free AV products.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please visit this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

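The triage described in the reply above (detections sitting in the ComboFix quarantine or the System Restore cache versus anything still on the live file system), as an added example that is not part of the original thread. The first two sample lines are copied from the ESET log posted earlier; the third line is constructed, and the parser assumes a detection name always contains a forward slash while a Windows path does not.

```python
import re

# Sample in the layout of the ESET log quoted in the thread:
# "<path> <detection name> <object type>". The last line is constructed
# to show a detection outside the two contained locations.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS1\system32\Drivers\dmload.sys.vir Win32/Olmarik.ZC trojan
C:\System Volume Information\_restore{324FF7CD-1FE5-4E0D-8406-97025AECE121}\RP546\A0199747.exe Win32/Adware.XPAntiSpyware.AB application
C:\Documents and Settings\USER\Desktop\example.exe Win32/Example.A trojan
"""

# Paths may contain spaces, so split on the first token that looks like
# "Platform/Family" (assumption: paths never contain a forward slash).
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>.+)$")

# Locations the thread treats as already contained.
CONTAINED = (
    ("\\qoobox\\quarantine\\", "ComboFix quarantine"),
    ("\\system volume information\\_restore{", "System Restore cache"),
)

def classify(path):
    """Return where a detected file lives, compared case-insensitively."""
    lowered = path.lower()
    for marker, label in CONTAINED:
        if marker in lowered:
            return label
    return "live file system"

def triage(log_text):
    """Parse each non-empty log line and attach its location class."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Never drop a line silently: unparsed entries need a human look.
            findings.append({"path": line, "name": None, "kind": None, "location": "unparsed"})
            continue
        findings.append({**m.groupdict(), "location": classify(m["path"])})
    return findings

def needs_attention(findings):
    """Detections that are not in a contained location."""
    return [f for f in findings if f["location"] in ("live file system", "unparsed")]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['location']:22} {f['name']}  {f['path']}")
```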


#11 iselltrees

Posted 20 March 2011 - 04:26 PM

thanks RPMcMurphy

This seems to have worked. I will consider your advice on the P2P, however, I haven't used it in months, so I am not sure the infection came from that source. I did have AVG Free scanner previously, but ended up removing it on a previous "fake microsoft security essentials" removal I did a few weeks ago. I seemed to have gotten that fake Microsoft malware the same time as the redirect issue, though the redirect was proving very hard to remove. Regardless, I will reinstall AVG, unless one from your list below is better?

Also, I have had an issue for a year-or-so where sometimes after Windows starts I can't see the desktop (icons, start menu, etc.) on my screen. All I can see is my desktop wallpaper. If I Ctrl-Alt-Del to get my task manager up, I can log off then log back in and it usually remedies itself. Or, sometimes I can see my desktop, but when I click to open Firefox, nothing happens. If I Ctrl-Alt-Del and open the "create new task", I can type in "firefox" and it'll run. Very strange, I am not sure if these two items are related to each other (because they both have to do with my computer after start up) or not? Do you have any insight for me? I've entered some search terms in the forums search bar, but got no relevant results.

Thanks and I will donate (you saved me from having to pay my local computer repair guy $90)!

#12 RPMcMurphy

Posted 20 March 2011 - 04:40 PM

iselltrees:

I hate to recommend one AV over another, but it sounds like this is at least your second infection using it. It may not hurt to give one of the others a spin.

I'm not sure what could be causing your other issues, though I don't see any remaining malware in your logs. While we have been able to identify and remove the malware, we can't always undo the damage the infections cause with the Windows Operating System - especially if you've been infected a few times now. You could try running this:

Please follow these instructions to run System File Checker:
  • Click Start > Run or press the Windows Key + R, and enter the following command into the run box and click OK:
sfc /scannow

sfc<space>/scannow


If that doesn't turn anything up you may want to consider a fresh Windows install when you have some time on your hands.

Thanks for the donation! Take care. I'll leave the thread open for a day or so in case you run into a problem.


#13 iselltrees

Posted 20 March 2011 - 07:02 PM

thanks, I'm completely good. Okay, thanks for the opinion on the "non-desktop" issue. I tried to run the sfc /scannow but don't have the windows xp disk it was prompting me for so I had to reboot.

anyways, thanks again, consider my problem solved

#14 RPMcMurphy

Posted 20 March 2011 - 07:45 PM

OK, but just for reference if sfc was wanting your install disk that confirms my suspicion that you have some system files with issues.

Take care!


#15 RPMcMurphy

Posted 20 March 2011 - 07:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
